A remotely exploitable vulnerability was discovered in the Socks-5 proxy code in XChat. By default, socks5 traversal is disabled, and one would also need to connect to an attacker's own custom proxy server in order for this to be exploited. Successful exploitation could lead to arbitrary code execution as the user running XChat.